AIX

LDAP user authentication problem on AIX

  • 1.  LDAP user authentication problem on AIX

    Posted Wed November 07, 2007 02:35 AM

    Originally posted by: SystemAdmin


    Dear All,

    Thanks in advance.

    I am currently setting up LDAP authentication for users accessing an AIX 5.3 box.

    Problem- While trying to telnet to the AIX box using LDAP account (test04), I get a login error saying:

    3004-010 Failed setting terminal ownership and mode.

    Using an existing local account to login then su - (test04) into the LDAP user account works.

    file:/etc/security/user:

    test04:
    admin = false
    histsize = 2
    SYSTEM = "LDAP"
    registry = LDAP

    Do I need to create a local user "test04" and corresponding group in order to make it work when using "test04" user to directly login to the telnet session?
    Thanks.

    Regards,
    Ray
  • 2.  Re: LDAP user authentication problem on AIX

    Posted Wed November 07, 2007 09:04 AM

    Originally posted by: SystemAdmin


No, you should not have to set a user up as a local user. You should have a HOME directory in the client. There is a known APAR fix for problems with 3004-010 error having to do with a large LDAP group. IY78339 is the APAR.

    I can't be sure from what you have said that this is your problem. This is likely something you should work with support line to solve.

    One comment is that an LDAP user must belong to an LDAP group. You cannot have LDAP users with local groups, but again I don't think that is your problem.

    You didn't say what your LDAP server was. Another error I found in the database occurs with a Novell LDAP server.

    lsldap -a passwd test04 | pg

    Will show all the attributes.
    Also
    lsuser -R LDAP test04

Does the LDAP server have the posixgroup gid and memberuid's?
    (&(objectclass=posixgroup)(gid=500))
    (&(objectclass=posixgroup)(memberuid=andmar))

    So make sure the primary group for the user is known to LDAP
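The checks the reply above asks for (a home directory attribute on the user, a primary gid that resolves to a posixGroup held in LDAP, and a memberUid listing for the user) can be applied to the output of lsldap in a script. The following is an added example, not code from the thread or from AIX; it reads LDIF-style text of the kind `lsldap -a passwd test04` and `lsldap -a group` produce, but both inputs are constructed inline so it runs offline, and the attribute names it looks for (objectClass, gidNumber, homeDirectory, memberUid) are the standard RFC 2307 posixAccount/posixGroup names, which is an assumption about how the directory is laid out.

```shell
#!/bin/sh
# Added example (not from the thread): apply reply 2's checks to LDIF-style
# output. On a real AIX client the two inputs would come from
#   lsldap -a passwd "$user"     and     lsldap -a group
# Here both are CONSTRUCTED so the script runs offline. Attribute names are
# the RFC 2307 posixAccount/posixGroup names; that is an assumption.

# Print the first value of LDIF attribute $1 (case-insensitive) read from stdin.
ldif_attr() {
    awk -v want="$1" '
        { i = index($0, ":"); if (i == 0) next
          key = tolower(substr($0, 1, i - 1))
          val = substr($0, i + 1); sub(/^[ \t]+/, "", val)
          if (key == tolower(want)) { print val; exit } }'
}

# Read blank-line separated LDIF entries from stdin and print the cn of the
# posixGroup whose gidNumber is $1. Exit 0 if that group lists memberUid $2,
# 2 if the group exists without that member, 1 if no such group exists.
primary_group() {
    awk -v gid="$1" -v user="$2" 'BEGIN { RS = ""; FS = "\n"; status = 1 }
        { isposix = 0; g = ""; cn = ""; member = 0
          for (i = 1; i <= NF; i++) {
              j = index($i, ":"); if (j == 0) continue
              k = tolower(substr($i, 1, j - 1))
              v = substr($i, j + 1); sub(/^[ \t]+/, "", v)
              if (k == "objectclass" && tolower(v) == "posixgroup") isposix = 1
              if (k == "gidnumber") g = v
              if (k == "cn") cn = v
              if (k == "memberuid" && v == user) member = 1
          }
          if (isposix && g == gid) { print cn; status = (member ? 0 : 2); exit } }
        END { exit status }'
}

# check_ldap_user USER PASSWD_LDIF GROUP_LDIF -> returns 0 if every check passes.
check_ldap_user() {
    user=$1; pw_ldif=$2; gr_ldif=$3; rc=0
    gid=$(printf '%s\n' "$pw_ldif" | ldif_attr gidNumber)
    home=$(printf '%s\n' "$pw_ldif" | ldif_attr homeDirectory)
    if [ -n "$home" ]; then echo "OK: homeDirectory is $home (it must exist on the client)"
    else echo "FAIL: no homeDirectory attribute for $user"; rc=1; fi
    if [ -z "$gid" ]; then
        echo "FAIL: no gidNumber attribute for $user"; return 1
    fi
    # the assignment's exit status is that of the command substitution
    cn=$(printf '%s\n' "$gr_ldif" | primary_group "$gid" "$user")
    case $? in
        0) echo "OK: primary group $cn (gid $gid) is a posixGroup listing memberUid $user" ;;
        2) echo "WARN: primary group $cn (gid $gid) exists but does not list memberUid $user" ;;
        *) echo "FAIL: gid $gid has no posixGroup entry in LDAP"; rc=1 ;;
    esac
    return $rc
}

# CONSTRUCTED sample entries, not real directory data.
PASSWD_OK='dn: uid=test04,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: test04
uidNumber: 1004
gidNumber: 500
homeDirectory: /home/test04
loginShell: /usr/bin/ksh'

# Same user, but the primary gid names a group that LDAP does not hold.
PASSWD_BADGID=$(printf '%s\n' "$PASSWD_OK" | sed 's/^gidNumber: 500$/gidNumber: 777/')

GROUP_LDIF_OK='dn: cn=ldapusers,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: ldapusers
gidNumber: 500
memberUid: test04
memberUid: andmar

dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: staff
gidNumber: 501
memberUid: andmar'

echo "--- healthy entry ---"
check_ldap_user test04 "$PASSWD_OK" "$GROUP_LDIF_OK"
echo "--- primary gid missing from LDAP ---"
check_ldap_user test04 "$PASSWD_BADGID" "$GROUP_LDIF_OK" || echo "check failed, status $?"
```

On a real client the two constructed strings would be replaced by the captured output of lsldap, and a FAIL on the group check is the case the reply describes: an LDAP user whose primary group only exists locally. A missing memberUid is reported as a warning rather than a failure because POSIX primary-group membership is carried by gidNumber alone.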